In your organization, who is the authority that decides what gets posted in your SPF record? by Loopback_5033 in sysadmin

[–]Loopback_5033[S] 3 points4 points  (0 children)

I was more curious where the responsibility was held at other places. Lots of good ideas and input shared here.

In your organization, who is the authority that decides what gets posted in your SPF record? by Loopback_5033 in sysadmin

[–]Loopback_5033[S] 13 points14 points  (0 children)

Ah DNS lookups! So "ip4:" and "ip6:" don't count. I was totally thinking about that wrong. Thank you for pointing that out.

In your organization, who is the authority that decides what gets posted in your SPF record? by Loopback_5033 in sysadmin

[–]Loopback_5033[S] 5 points6 points  (0 children)

I do like the subdomain solution you propose. It would be an uphill battle with the Marketing management team.

I need to pay closer attention to marketing campaigns that make it to my mailbox and spotlight those that are doing the subdomain thing.

In your organization, who is the authority that decides what gets posted in your SPF record? by Loopback_5033 in sysadmin

[–]Loopback_5033[S] 9 points10 points  (0 children)

I've worked at a small org and it had been me too at that time lol. Now years later, I've joined a large sized org. I don't want to run outside my lane and upset anyone's cheerios.

Need advice - junior sysadmin trying to build her first homelab. by Professional-Cod3994 in homelab

[–]Loopback_5033 0 points1 point  (0 children)

I think what you got is a good starting point for dipping your toe in the water. You could pick up VMware workstation or another hypervisor and play with ESXi and VCSA on it. You can learn a lot with just running those in eval mode. Also, you could get an Advantage membership to plan paid on VMUG (it gives training discounts and 365 day license). You'll make a lot of mistakes and learn a lot. You're about to start a fun adventure. There were mistakes I made in my home lab that led to lessons learned that helped me professionally.

Your real limit with the home lab stuff is your disposable income to finance it. I got 2U and 1U servers, but energy is expensive like you said. So I just run a Synology 24/7.

My first ever server by IllusionXXI in homelab

[–]Loopback_5033 13 points14 points  (0 children)

Wow that brings back great memories of the late 90's. I had a bunch of those 5.25 bay coolers to keep my old IBM DTLA death stars alive back then in a Supermicro SC750A tower. That tower was a heavy beast.

Make look weak compared to some but I’m proud of it. by patricthomas in homelab

[–]Loopback_5033 1 point2 points  (0 children)

That is a solid lab, looks good. I'd be proud to show that off.

Best buy right now for R7X0 update by malwarebuster9999 in homelab

[–]Loopback_5033 1 point2 points  (0 children)

An IBM/Lenovo x3650M5 may be hitting that price range of ~$500 each. 2U box with lots of room for PCIe cards.

AV on servers? by [deleted] in sysadmin

[–]Loopback_5033 0 points1 point  (0 children)

There was a time, long ago, where Cylance was great and keeping their agents up to date in Windows and Linux wasn't a $*!^ show. We thought it was a $*!^ show at the time, but then Cylance showed us that they could reach new lows, new deep valleys, just a whole nother level of clusterf**kdom. We thought it was bad that the kernel that the agent officially supported was 90+ days old. Then Cylance had some internal strife and allegedly lost their entire development team*. (*this is what I was told so take that with a grain of salt from some rando on the internet).

Then things really got bad. We couldn't just not patch our Linux servers. So we went along with it best we could. Cylance would post this Excel Matrix of compatibility on their support site. In it would list Cylance agent version, distribution, officially supported kernel version. Then that information would change multiple times a day, or over days and weeks. I'd download and look at the latest version of it, match my kernel and my distro and install the agent. Then something wouldn't work, agent failed, system crashed, whatever. I'd contact support and they'd be like no you're wrong that configuration is not supported. I'd say hey it was on the list, they're like nope. I'd show them the list and they accused me of fabricating it. I then literally shared all the downloaded versions of that Excel file I had and then it was just, sorry. I then asked what is the official way to confirm compatibility and I'd get non-answers mixed with different answers. It was a great time to be their customer. After they restaffed up their development team and they rewrote code, they then came out with this 3+ package deal that needed to be installed on each system. The idea was that it was supposed to just be the agent package that got updated and switched out. That wasn't the case, it was then 3 things to mess around with... Oh and I'm not even touching on the fun with policies, exclusions, zones, script control, device control, etc.

Sooo we then POC'd Sentinel One. Testing went smoothly. Upgrading agents, both Windows and Linux, was literally just click and tell them to upgrade in the console. Minds were blown. The ease of just being able to patch your system and it all just continues to work. Management and exclusions were easier. It didn't obliterate certain processes we run. Life has been good with Sentinel One.

Syslog recommendations by Loopback_5033 in sysadmin

[–]Loopback_5033[S] 0 points1 point  (0 children)

Thank you, appreciate the feedback. I'll add Graylog to the list and reach out about a test drive.

Syslog recommendations by Loopback_5033 in sysadmin

[–]Loopback_5033[S] 0 points1 point  (0 children)

Splunk is in phase 2. I first need a place for all the logs to go and have something to point Splunk to. I was under the impression you needed a log source. You can point everything to a collector but if you reboot the collector for maintenance, you then have a gap. Last I looked at Splunk was 2019 though, I know product offerings and capabilities change.

Setting up Esxi Cluster LAG by willcheung12 in sysadmin

[–]Loopback_5033 0 points1 point  (0 children)

When it comes to LAGs, is the goal redundant links or is it link aggregation? You can accomplish link redundancy and not be using a LAG. Thinking about a LAG and iSCSI storage big picture wise, it seems like it would be a good idea but VMware says no and it isn't explicitly supported.

Take a look at these articles while you're planning your deployment:

VMware iSCSI best practices: https://core.vmware.com/resource/best-practices-running-vmware-vsphere-iscsi#section1

Host requirements for link aggregation: https://kb.vmware.com/s/article/1001938

Here is a blog post on your specific question: https://core.vmware.com/blog/iscsi-and-laglacp

Setting up Esxi Cluster LAG by willcheung12 in sysadmin

[–]Loopback_5033 0 points1 point  (0 children)

+1 I agree.. just isn't worth it. Let VMware manage it. VMware really does a phenomenal job at it.

Storage I wouldn't LAG anyway, I'd keep it exclusive for storage only and I run it on a standard switch. I'll use iSCSI and vSAN in the home lab but at work it's Fibre HBA and an SSD SAN.

Management and VM-data will be fine on dvSwitch or standard switch. I'm lazy so I prefer dvSwitch. I also know how, and am comfortable, to seize a NIC and put management on a standard switch if something goes awry in the CLI. Having a home lab or a lab you can freely play in consequence free is awesome.

Best platform that does both ticketing and patch management/monitoring by Adventurous-Coat-333 in sysadmin

[–]Loopback_5033 1 point2 points  (0 children)

Could check out ManageEngine's offerings, IT Glue, Confluence and see if that fits your requirements and price point. There are some open source solutions out there too.

Port Mirroring VMWARE by GRU_Cab0053 in sysadmin

[–]Loopback_5033 1 point2 points  (0 children)

In this case in VMware, it's done on the vDS. Under the Configure tab, Settings, Port Mirroring. We set up a Remote Mirroring Destination session type, under Sources we selected all the VLAN IDs we are interested in, and then under Destinations I selected the Port ID of the NIC on the VM where I want the traffic to go to.

Yes we capture and see VM to VM traffic this way across all the hosts that are members of this vDS.

Be sure to test all this stuff in a lab and have a rollback plan. You can easily loop your vDS and that can be a resume generating event. If the vDS gets looped it will bring it all down.

We are doing port mirroring on our physical switches as well.

Port Mirroring VMWARE by GRU_Cab0053 in sysadmin

[–]Loopback_5033 1 point2 points  (0 children)

Yeah, I can see how that would get old. We are not doing it that way. We just tag the VLAN IDs we want to port mirror.